Skills
skills/asiaostrich/universal-dev-standards/commit/Gen Agent Trust Hub

commit

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill workflow involves executing git commands such as git status, git diff, and git commit to manage repository changes as defined in SKILL.md and guide.md.
  • [COMMAND_EXECUTION]: The 'Reality Check' section in guide.md instructs the agent to run uds check (a tool from the vendor asiaostrich) and npx commitlint to validate commit message standards.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx in guide.md to fetch the commitlint package from the npm registry, which is a well-known service registry.
  • [REMOTE_CODE_EXECUTION]: The validation step utilizes npx to dynamically execute the commitlint tool from a remote source.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from the files it processes.
  • Ingestion points: The skill reads untrusted data from the local repository via git diff --staged and git status as specified in SKILL.md.
  • Boundary markers: None. No delimiters or specific instructions are provided to the agent to ignore or isolate content within the git diffs.
  • Capability inventory: The skill can modify the repository history using git commit and execute shell commands through git and npx.
  • Sanitization: There is no evidence of sanitization or escaping applied to the content of the code diffs before they are processed by the LLM to generate the commit message.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 11, 2026, 05:16 AM